package org.atomserver.server.servlet;

import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.abdera.util.Constants;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.atomserver.exceptions.TooMuchDataException;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/org/atomserver/server/servlet/BlockingFilter.class
 */
/* loaded from: input_file:WEB-INF/lib/atomserver-2.1.18.jar:org/atomserver/server/servlet/BlockingFilter.class */
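/**
 * Servlet filter that short-circuits a request with an XML error body when any of
 * four checks fails, in this order: declared content length, blocked user,
 * blocked path, and disabled writes. The limits and block lists are read from the
 * {@link BlockingFilterSettings} on every request.
 *
 * <p>Request-derived text (request URI, principal name) is echoed into both the
 * log and the error document, so it is neutralised in {@link #setError} and
 * {@link #errorMessage} before being written.
 */
public class BlockingFilter implements Filter {
    protected static Log logger = LogFactory.getLog(BlockingFilter.class);
    private final BlockingFilterSettings settings;

    /**
     * @param blockingFilterSettings source of the length limit, block lists and write switch
     */
    public BlockingFilter(BlockingFilterSettings blockingFilterSettings) {
        this.settings = blockingFilterSettings;
    }

    /** No initialisation is needed; all state comes from the settings object. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Runs the four blocking checks and forwards the request only if all pass.
     * Each failing check has already written the error response, so nothing more
     * is done here when one returns {@code false}.
     *
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // && short-circuits, so only the first failing check writes a response.
        boolean allowed = contentNotBlockedByLength(httpRequest, httpResponse)
                && userNotBlocked(httpRequest, httpResponse)
                && pathNotBlocked(httpRequest, httpResponse)
                && writesNotBlocked(httpRequest, httpResponse);
        if (!allowed) {
            return;
        }
        // With no declared length the cap can only be enforced while the body is read.
        ServletRequest forwarded = isContentLengthNotSet(httpRequest) ? wrapServletRequest(httpRequest) : httpRequest;
        filterChain.doFilter(forwarded, servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Returns {@code true} for the methods whose body is subject to the length limit. */
    private static boolean carriesBody(HttpServletRequest httpServletRequest) {
        String method = httpServletRequest.getMethod();
        return "POST".equals(method) || "PUT".equals(method);
    }

    /**
     * Rejects a POST/PUT whose declared content length exceeds the configured
     * maximum. A negative maximum disables the check. A request with no declared
     * length reports -1 and passes here; it is handled by the stream wrapper.
     *
     * @return {@code true} if the request may proceed, {@code false} after a 413 was written
     */
    private boolean contentNotBlockedByLength(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        int maxContentLength = this.settings.getMaxContentLength();
        if (!carriesBody(httpServletRequest) || maxContentLength < 0 || httpServletRequest.getContentLength() <= maxContentLength) {
            return true;
        }
        setError(httpServletResponse, HttpStatus.SC_REQUEST_TOO_LONG, "TOO MUCH DATA :: (Content length exceeds the maximum length allowed.) :: " + httpServletRequest.getRequestURI());
        return false;
    }

    /**
     * Returns {@code true} when a limit is configured and a POST/PUT arrives
     * without a declared content length ({@code getContentLength() == -1}).
     */
    private boolean isContentLengthNotSet(HttpServletRequest httpServletRequest) {
        return carriesBody(httpServletRequest) && this.settings.getMaxContentLength() >= 0 && httpServletRequest.getContentLength() == -1;
    }

    /**
     * Rejects the request with 403 when the authenticated principal's name is in
     * the blocked-user collection. Requests without a principal always pass, so
     * this check only has an effect behind an authentication layer.
     */
    private boolean userNotBlocked(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal == null) {
            return true;
        }
        String name = userPrincipal.getName();
        if (!this.settings.getBlockedUsers().contains(name)) {
            return true;
        }
        setError(httpServletResponse, 403, "USER IS BLOCKED :: (" + name + " is blocked from accessing the server.) :: " + httpServletRequest.getRequestURI());
        return false;
    }

    /**
     * Rejects the request with 403 when the request URI fully matches any of the
     * configured blocked-path regular expressions.
     *
     * <p>The match is made against {@code getRequestURI()}, which the container
     * returns undecoded and unnormalised. Blocked-path patterns therefore have to
     * be written against that raw form; this filter does not canonicalise the
     * path before matching.
     */
    private boolean pathNotBlocked(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        List<String> blockedPaths = this.settings.getBlockedPaths();
        String requestURI = httpServletRequest.getRequestURI();
        // Patterns are re-read on each request, so they are not pre-compiled here.
        for (String blockedPattern : blockedPaths) {
            if (requestURI.matches(blockedPattern)) {
                setError(httpServletResponse, 403, "PATH IS BLOCKED :: (" + requestURI + " is blocked from access.) :: ");
                return false;
            }
        }
        return true;
    }

    /**
     * Rejects POST, PUT and DELETE with 403 while writes are disabled in the settings.
     */
    private boolean writesNotBlocked(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String method = httpServletRequest.getMethod();
        boolean isWrite = "POST".equals(method) || "PUT".equals(method) || "DELETE".equals(method);
        if (!isWrite || !this.settings.getWritesDisabled()) {
            return true;
        }
        // The message used to name GET, which this check never blocks; it now lists the methods actually tested.
        setError(httpServletResponse, 403, " POST, PUT AND DELETE are currently blocked");
        return false;
    }

    /**
     * Wraps a request that declared no content length so that the configured
     * maximum is enforced while the body is consumed through
     * {@code getInputStream()}.
     *
     * <p>NOTE(review): only {@code getInputStream()} is overridden. A downstream
     * consumer that reads the body through {@code getReader()} gets the
     * container's unwrapped reader and is not subject to this cap; confirm that no
     * handler in the chain does so, or cover {@code getReader()} as well.
     */
    private ServletRequest wrapServletRequest(ServletRequest servletRequest) throws IOException {
        final ServletInputStream inputStream = servletRequest.getInputStream();
        final int maxContentLength = this.settings.getMaxContentLength();
        final ServletInputStream servletInputStream = new ServletInputStream() { // from class: org.atomserver.server.servlet.BlockingFilter.1
            // Number of body bytes pulled from the underlying stream (end-of-stream probes are not counted).
            private int bytesRead = 0;

            @Override
            public int read() throws IOException {
                // Sticky failure: once the cap has been exceeded every later read fails too,
                // so a caller that swallowed the first exception cannot go on to see a clean end of stream.
                if (this.bytesRead > maxContentLength) {
                    throw new TooMuchDataException("Content length exceeds the maximum length allowed.");
                }
                int value = inputStream.read();
                if (value == -1) {
                    // Reading at end of stream is harmless and must not count towards the limit.
                    return -1;
                }
                this.bytesRead++;
                if (this.bytesRead > maxContentLength) {
                    // Fail before handing out the byte that crosses the limit.
                    throw new TooMuchDataException("Content length exceeds the maximum length allowed.");
                }
                return value;
            }
        };
        return new HttpServletRequestWrapper((HttpServletRequest) servletRequest) { // from class: org.atomserver.server.servlet.BlockingFilter.2
            @Override
            public ServletInputStream getInputStream() throws IOException {
                return servletInputStream;
            }
        };
    }

    /**
     * Logs the message and writes it to the response as an XML error document
     * with the given status code.
     *
     * @param i   HTTP status code to set
     * @param str human-readable message; may contain request-derived text
     */
    private void setError(HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        // The message can carry the request URI or principal name; keep it on one log line.
        logger.error(str.replace('\r', '_').replace('\n', '_'));
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType(Constants.XML_MEDIA_TYPE);
        httpServletResponse.setStatus(i);
        httpServletResponse.getWriter().println(errorMessage(i, str));
    }

    /**
     * Builds the XML error document. The message is escaped because it embeds
     * request-derived text that would otherwise be parsed as markup by the client.
     */
    private String errorMessage(int i, String str) {
        return "<?xml version='1.0' encoding='UTF-8'?><error xmlns=\"http://incubator.apache.org/abdera\"><code>" + i + "</code><message>" + escapeXml(str) + "</message></error>";
    }

    /** Replaces the five XML-significant characters with their predefined entities. */
    private static String escapeXml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int index = 0; index < text.length(); index++) {
            char ch = text.charAt(index);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }
}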
